CVE-2023-54087NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubi_free_volume() It willl cause null-ptr-deref in the following case: uif_init() ubi_add_volume() cdev_add() -> if it fails, call kill_volumes() device_register() kill_volumes() -> if ubi_add_volume() fails call this function ubi_free_volume() cdev_del() device_unregister() -> trying to delete a not added device, it causes null-ptr-deref So in ubi_free_volume(), it delete devices whether

Affected Packages4 packages

Linuxlinux/linux_kernel2.6.224.14.308+6
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linux801c135ce73d5df1caf3eca35b66a10824ae07075558bcf1c58720ca6e9d6198d921cb3aa337f038+8
debiandebian/linux< linux 6.1.20-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54087: In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubi_free_volume() It willl cause null-ptr-dere2025-12-24
OSV
ubi: Fix possible null-ptr-deref in ubi_free_volume()2025-12-24
GHSA
GHSA-9w7w-3xjc-3wgw: In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubi_free_volume() It willl cause null-ptr-de2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel (UBI): Denial of Service due to improper error handling2025-12-24
Debian
CVE-2023-54087: linux - In the Linux kernel, the following vulnerability has been resolved: ubi: Fix po...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54087 Impact, Exploitability, and Mitigation Steps | Wiz